---
layout: docs
page_title: v0.10.0
description: |-
  Boundary release notes for v0.10.0
---

# Boundary v0.10.0

The release notes below contain information about new functionality available in the Boundary v0.10.0 release.
To see a granular record of when each item was merged into the Boundary project, please refer to the [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md).
To learn about what Boundary consists of, we highly recommend you start at the [Getting Started Page](/boundary/docs/getting-started).

Lastly, for instructions on how to upgrade an existing Boundary deployment to v0.10.0, please review Boundary's [general upgrade guide](/boundary/tutorials/oss-configuration/upgrade-version).

## Boundary v0.10.0 Highlights

**Credential Management of SSH Keys:** Boundary 0.10 includes enhancements to credential management, including added support for management of SSH private keys.


**SSH Brokering Helper Function:** We’ve expanded support for the SSH brokering helper function that allows users to seamlessly connect to machines remotely
without having to manually enter their brokered credentials.

**Enhanced IAM Workflows in the Boundary Admin UI:** Boundary 0.10 introduces enhanced IAM associations to Boundary’s Admin UI, allowing users to expand IAM associations in a
project scope to resources such as group members and principals that reside in other scopes.

**SSH Credential Injection via Password and Public Key Authentication:** HCP Boundary now supports SSH Credential Injection, an active method of injecting credentials into an
established connection, so that credentials are never exposed to users. [Learn more here](/boundary/tutorials/hcp-administration/hcp-ssh-cred-injection).




## What's Changed
* `ssh` Target Type With Credential Injection (HCP Boundary only): Boundary has
  gained a new `ssh` target type. Using this type, username/password or SSH
  private key credentials can be sourced from `vault` credential libraries or
  `static` credentials and injected into the SSH session between a client and
  end host. This allows users to securely SSH to remote hosts while never being
  in possession of a valid credential for that target host.
* SSH Private Key Credentials: There is now an `ssh_private_key` credential type
  that allows submitting a username/private key (and optional passphrase) to
  Boundary for use with credential injection or brokering workflows.
* `boundary connect ssh` Credential Brokering Enhancements: we have extended
  support into the `boundary connect ssh` helper for brokered credentials of
  `ssh_private_key` type; the command will automatically pass the credentials to
  the `ssh` process ([PR](https://github.com/hashicorp/boundary/pull/2267)).
* `boundary authenticate`, `boundary accounts`: Enables use of `env://` and
  `file://` syntax to specify location of a password


**For more detailed information of all changes since 0.9.0, please refer to the [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md)**
